Users' consent - simple as SAML David Simonsen = FED. C FED. - - PowerPoint PPT Presentation

users consent simple as saml
SMART_READER_LITE
LIVE PREVIEW

Users' consent - simple as SAML David Simonsen = FED. C FED. - - PowerPoint PPT Presentation

May 04, 2023 258 likes •481 views

Users' consent - simple as SAML David Simonsen = FED. C FED. (USA) FD. FED. r o Kalmar Kalmar FED. Kalmar s s f e d FED. g e e d g e w l d n o w l e K o e K n g e e d w l n o K r FED. a e n g

slide-1
SLIDE 1

Users' consent - simple as SAML

David Simonsen

slide-2
SLIDE 2

=

slide-3
SLIDE 3

FØD. FED. FED. FED. FED. FED. FED. FED. FED. (USA) FED. FED. FED. FED. FED. FED.

Kalmar Kalmar Kalmar K n

  • w

l e d g e E x c h a n g e K n

  • w

l e d g e K n

  • w

l e d g e E x c h a n g e E x c h a n g e eduGAIN eduGAIN

C r

  • s

s f e d e r a t i

  • n

i s c

  • m

i n g

slide-4
SLIDE 4

EU directive

  • Directive 95/46/EC of the

European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data

I t c

  • n

s e r n s u s a l l . . .

slide-5
SLIDE 5

Principles

  • Transparency
  • Legitimate purpose
  • Proportionality
slide-6
SLIDE 6

Privacy

"Privacy is the ability of an individual or group to seclude themselves or information about themselves and thereby reveal themselves selectively." - WikiPedia

slide-7
SLIDE 7

Consent

slide-8
SLIDE 8

Purpose

  • Can the service justify the amount of attributes

required ? What is the service about?

slide-9
SLIDE 9

Consent

  • The consent must be
  • Volentary (no arm-twisting)
  • Specific (one purpose)
  • Informed (understandable)
slide-10
SLIDE 10

Volentary

  • 'If you don't consent we will spank you every

Monday' Do you consent to sending a personal pseudonym (non-identifiable pointer) to Microsoft?

slide-11
SLIDE 11

'BBC may recieve your email-adress'

Specific

  • 'All connected services may recieve your email-

adress'

slide-12
SLIDE 12

'If you do not consent you will not get access'

Informed

  • 'If you do not consent we will not not

decline from not delivering no services'

slide-13
SLIDE 13

Consent withdrawn

  • You can always withdraw a consent
  • but where to do it?

Where you gave it... But who did you give it to?

slide-14
SLIDE 14

In a Shib-føderation

slide-15
SLIDE 15

Central Proxy IdP

slide-16
SLIDE 16

Central IdP

slide-17
SLIDE 17

Duty of information Consent Consent covers both No personal data should be kept

slide-18
SLIDE 18

No personal data is kept

2km4756k4l3n43j34j3 8ds989g+sdfhkjrwk30!

slide-19
SLIDE 19

How to do it? Use simpleSAMLphp

slide-20
SLIDE 20

DEMO TIME

slide-21
SLIDE 21

Links

  • Wiki @ DK-AAI (http://wiki.dk-aai.dk)
  • Foodle @ FEIDE (http://foodle.feide.no)
  • DK-AAI website http://www.dk-

aai.dk/?do=login

  • Consent administration @ WAYF

https://wayf.wayf.dk/consent/consentAdmin. php